DETAILED ACTION

1. Claims 1-12 are pending. 

Claim Rejections - 35 USC §102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed in 
the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

2. Claims 1-6 are rejected under 35 U.S.C. 102(e) as being anticipated by Sandhu, et al. 
(US 6,985,953). 

As per claim : 

Sandhu, et al. discloses an apparatus for determining in a global network the user status 
as the user goes from site to site within said network, said apparatus comprising: 

a set of baseline authentication agencies responsible for core global network authentication 
services; (col.6, lines 38-45; authentication agencies can broadly be given in light of servers, web site, 
providers, domains, or etc. that provides services.) 

a global network domain and associated DNS records used for cookie sharing, login 
routing, and the like; and (col.5, lines 20-31 and col. 14, lines 4-6) 

a collection of partner sites with access to cookies shared via said global network domain. 
(col.2, lines 4-20 and col.5, lines 2-16; partner site can broadly be given in light of an affiliated 
domain/site) 

As per claim 2: see col. 5, lines 20-67 and col. 9, lines 11-67; discussing the apparatus of claim 1, 
wherein a baseline authentication agency of said set of baseline authentication agencies: provides 
authentication services for a subset of the users of the global network after authenticating a user, 
writes a site identification along with an authenticated status of true into a cookie of said global 
network domain shared and accessible by said collection of partner sites; and when a global 
network user logs out of said global network, resets the user's authenticated status to false in 
said shared domain cookie. 

As per claim 3: see col.4, lines 24-67 and col.5, lines 3-31; discussing the apparatus of claim 2, 
further comprising means for when an authenticated global network user using a browser visits a 
partner site of said collection of partner sites, said partner site accessing said shared domain 
cookie to determine the user's baseline authentication agency; means for said partner site 
redirecting said user's browser to said baseline authentication agency to request global network 
id informational of the user; wherein said baseline authentication agency distinguishes between 
sites that have been linked and that have a trust relationship with the user and ones that have 
not been linked; and means for said baseline authentication agency returning said global network 
id informational of the user to said partner site if it's a linked site, thereby performing a seamless 
authentication, and if said site is not linked, said baseline authentication agency returning an 
authentication error indication. 



Application/ Control Number: 10/519,774 Page 4 

Art Unit: 2135 

As per claim 4: see col. 5, lines 45-67 and col.6, lines 1-35; discussing the apparatus of claim 2, 
further comprising: means for when an unauthenticated global network user visits a global 
partner site, said global network partner site attempting to access said shared domain cookie and 
either not finding said cookie at all, or determining that said authenticated status is false; and 
wherein in either case, said global network partner site determining that a user is not 
authenticated into the global network and thus not allowing access for said user. 

As per claim 5: see col.3, lines 23-30 and col.5, lines 20-31; discussing the apparatus of claim 
2, further comprising a globally unique identifier for each global network user account, wherein 
said globally unique identifier is a primary key with which global network user data records are 
indexed, and wherein for privacy reasons, only said globally unique identifier and a name of an 
associated baseline authenticating agency are shared with third party sites unless a user opts-in 
to distributing said global network login id. 

As per claim 6: see col.5, lines 3-17 and col.9, lines 40-60; discussing the apparatus of claim 1, 
further comprising means for decentralizing core global network functionality, said means for 
decentralizing further comprising: means for propagating selected global network user 
information to global network partner sites by setting cookies on a global network domain for 
which each partner has an entry, such that partners can fetch said data without hitting any 
centralized global network server. 

Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 
rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

3. Claims 7-12 are rejected under 35 U.S.C. 103(a) as being unpatentable over Sandhu, 
et al. (US 6,985,953) in view of Hinton, et al. (US 6,993,596). 

As per claim 7: 

Sandhu, et al. discloses a method for an existing global network user using a browser and 
having a global network account logging onto a global network partner site without preexisting 
authentication, said user having an account on said partner site, wherein said user account has 
an account number, and wherein said user previously authorized said global network to 
seamlessly log said user into said partner site, said method comprising the steps of: 

said user authenticating itself to a baseline authentication agency associated with the user, 
via any suitable method allowed by said baseline authentication agency and said global network; 
(col.6, lines 38-45) 

said baseline authentication agency setting values of a plurality of shared cookies, said 
plurality of cookies set on a partner-site-accessible subdomain of a global network domain, 
thereby readable by said baseline authentication agency and all global network partner sites, said 
plurality of shared cookies comprising, but not limited to: (col.2, lines 4-17 and col. 10, lines 8- 
14) 

a shared network login status cookie containing both the user's global network login status, 
and the network id of the user's baseline authentication agency; (col.2, lines 20-31 and col.5, 
lines 2-31) 

said baseline authentication agency setting values of a plurality of private cookies, set on a 
private domain only accessible by said baseline authentication agency, said plurality of private 
cookies comprising, but not limited to: 

one or more global network credential cookies; (col.8, line 50-col.9, line 10) 

said baseline authentication agency generating a short-lived, partner-specific, encrypted 
[login token] and returning it to the browser as a hidden input field in an auto-submitting input 
form; (col.2, lines 45-67 and col. 10, lines 63-67) 

said browser processing said auto-submitting input form returned by said baseline 
authentication agency and submitting said [login token] to a partner site's login handler; (col.7, 
lines 51-67 and col. 10, lines 1-28) 

said partner site performing a server to server token validation request to said baseline 
authentication agency by passing said [login token]; (col.S, line 1-47 and col. 10, line 60-col.11, 
line 8) 

said baseline authentication agency validating said [login token] and returning the user's 
global network account number to the partner site; and (col.4, lines 10-67 and col.5, lines 2- 
31) 

said partner site mapping the user's global network account number to a corresponding 
login id on said partner site, proceeding to log in, setting corresponding cookies on said partner 
site, and returning a personalized welcome page to said browser, (col. 11, lines 1-60 and col. 14, 
lines 4-6) 

Although, Sandhu discloses login process and authentication agencies but did not include 
login token. 

Hinton discloses the invention of allowing an Internet user to transfer directly to a domain 
that is participating in the e-community without returning to a home domain prior to transferring 
to the participating domain. This enhances the usability of the e-community and set of 
participating domains, and allows the user to build long-term relationship with multiple 
participating domains (col.2, lines 56-67). Hinton discloses an introductory authentication token 
which is also referred as a vouch for token and includes the e-community single-sign-on 
functionality (col.3, lines 49-65 and col. 14, line 52-col.15, line 67). Thus, suggests the claimed 
network global user having a global network account logging onto a global network partner site 
without preexisting authentication (col. 10, line 47-col.13, line 36). Hinton includes an identity 
cookie DIDC and an enrollment token for the user that can be sent in clear or cryptographically 
protected (col.7, lines 32-61). Hinton further discusses the e-community cookie indicates the 
security server or other plug-in location, and a URI at a plug-in location that can provide an 
authentication vouch for token for that user (col. 10, lines 21-46). This allows for simplified single 
sign-on capabilities within a domain that is partitioned by multiple server domains and that the 
e-community cookie indicates that the server need not re-authenticate the user (col. 10, line 47- 
col.11, line 42). 

Therefore, it would have been obvious for a person of ordinary skills in the art at the time 
the invention was made to teach login token to the apparatus and method of Sandhu of the 
teachings of Hinton because simplifies single sign-on capabilities that need not re-authenticate 
the user and would enhance the usability of the e-community with multiple participating 
domains. 

As per claim 8: see col., lines ; discussing a method of claim 7, wherein at least one cookie of said 
plurality of cookies serves as a flag to said partner sites indicating that the user is logged into the 
global network (Hinton-col.2, lines 56-67 and col. 10, lines 21-54). 

As per claim 8: see Sandhu on col.8, lines 1-47 and Hinton on col. 10, line 47-col.11, line 42; 
discussing a method of claim 7, wherein at least one cookie of said plurality of cookies serves as a 
flag to said partner sites indicating that the user is logged into the global network 

As per claim 9: see Sandhu on col. 7, line 51-col.8, line 6 and Hinton on col. 10, line 47-col.11, 
line 42; discussing a method of claim 7, wherein said global network server generates a short- 
lived, partner site-specific, encrypted global network login token, and wherein a response of said 
global network server comprises a redirect instruction to said partner site global for a network 
login handler, and wherein said redirect instruction comprises said global network login token. 

As per claim 10: 

Sandhu, et al. discloses a method for a user on a global network using a browser visiting a 
partner Web site, wherein said partner Web site is a linked and seamlessly login enabling global 
network site, during an ongoing session, said method comprising the steps of: 

said user selecting said partner Web site and said browser requesting a home page of said 
partner Web site, wherein said home page of said partner Web site comprises a JavaScript tag 
telling said browser to fetch a partner site-served JavaScript file from said partner site server, as 
well as fetch other relevant JavaScript code; (col.2, lines 32-44 and col.3, lines 1-30) 

said partner Web site server obtains a network login status cookie on a global network 
domain, thereby determining said user's global network login status and BAA; (col.6, lines 38-45 
and col.7, lines 51-67) 

said partner Web site using a BAA id from said network login status cookie for formulating 
a URL to a login token-generation service of said associated authentication agency domain, and 
returning an HTTP redirect to said URL; (col.4, lines 25-67 and col.3, lines 1-12) 

said browser fetching said URL, and passing a global network site id of said partner Web 
site; (col.4, lines 24-67) 

said associated authentication agency domain receiving said token-generation request 
including said site id, as well as any corresponding user global network credential cookie 
previously sent to the browser; (col.2, lines 20-31 and col.5, lines 2-31) 

said partner Web site's home page comprising a particular JavaScript code and using said 
particular JavaScript code for determining a JavaScript login-token variable has a value, wherein 
if said login-token variable has said value, then said proceeds with a seamless global network 
login processing; (col.2, lines 4-17 and col. 10, lines 8-14) 

said partner Web site requesting mapping of said login-token variable to a user global 
network account number; (col.8, lines 1-47 and col. 10, lines 1-28) 

said global network server decrypting said login-token variable and performing validation 
checks on said login-token variable, said checks comprising, but not limited to: (col.8, line 50- 
col.9, line 10) 

not expired and if an associated IP of said requesting partner Web site is in an allowed list, 
and if said validation checks pass, then said global network server returning said global network 
account number to said partner Web site; and (col. 10, line 60-col.11, line 7 and lines 50-60) 

said partner Web site mapping said user's global network account number to a 
corresponding partner Web site record, logging user in, setting cookies of said partner Web site, 
and returning a personalized welcome page. (col. 11, lines 1-60 and col. 14, lines 4-6) 

Although, Sandhu discloses login process and authentication agencies but did not include 
login token. 

Hinton discloses the invention of allowing an Internet user to transfer directly to a domain 
that is participating in the e-community without returning to a home domain prior to transferring 
to the participating domain. This enhances the usability of the e-community and set of 
participating domains, and allows the user to build long-term relationship with multiple 
participating domains (col.2, lines 56-67). Hinton discloses an introductory authentication token 
which is also referred as a vouch for token and includes the e-community single-sign-on 
functionality (col.3, lines 49-65 and col. 14, line 52-col.15, line 67). Thus, suggests the claimed 
network global user having a global network account logging onto a global network partner site 
without preexisting authentication (col. 10, line 47-col.13, line 36). Hinton includes an identity 
cookie DIDC and an enrollment token for the user that can be sent in clear or cryptographically 
protected (col. 7, lines 32-61). Hinton further discusses the e-community cookie indicates the 
security server or other plug-in location, and a URI at a plug-in location that can provide an 
authentication vouch for token for that user (col. 10, lines 21-46). This allows for simplified single 
sign-on capabilities within a domain that is partitioned by multiple server domains and that the 
e-community cookie indicates that the server need not re-authenticate the user (col. 10, line 47- 
col.11, line 42). 

Therefore, it would have been obvious for a person of ordinary skills in the art at the time 
the invention was made to teach login token to the apparatus and method of Sandhu of the 
teachings of Hinton because simplifies single sign-on capabilities that need not re-authenticate 
the user and would enhance the usability of the e-community with multiple participating 
domains (Hinton-col.2, lines 56-67 and col. 10, lines 21-54). 

As per claim 11: see Sandhu on col.10, line 60-col.11, line 7 and Hinton on col.7, lines 2-16 and 
col. 10, lines 21-30; discussing a method of claim of 10 further comprising the steps of: said 
associated authentication agency domain checking if the site id is known or valid, if said user's 
credentials are valid, and if the user has authorized seamless login to said partner Web site. 

As per claim 12: see Sandhu on col.2, lines 32-44 and Hinton on col.3, lines 4-15; discussing a 
method of claim of 10, said seamless global network login processing further comprising the steps 
of: said JavaScript code writing out an HTML form comprising said global network login token as 
a hidden field and writing out a partner Web site global network login handler as an action URL, 
and auto-submitting said form such that said browser posts said form to said partner Web site 
global network login handler URL on said partner Web site. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Leynna T. Truvan whose telephone number is (571) 272-3851. The 
examiner can normally be reached on Monday - Thursday (7:00 - 5:00PM). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on (571) 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR system, 
see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/L. T. T./ 

Examiner, Art Unit 2135 
/KIMYEN VU/ 

Supervisory Patent Examiner, Art Unit 2135 



